Everything posted by pvm7103

  1. Hi. I restored the FF defaults on all profiles. I tried searching on 2 of the 3 profiles and have not had any issue.
  2. Hello. I encountered the redirect when I logged into another Windows user account. Does that mean that I will need to reset the FF defaults for each user account? I have 3 user accounts, one for each kid. LOL. I reset the defaults for this Admin account. I've done some searching and have not had the problem.
  3. Hello. I completed the removal of the programs. Can I automate the scheduling of the temp file cleanup? I am in need of a security program as mine expired during the timeframe of this infection cleanup. I was planning on renewing McAfee. Is there a reason why you recommend MSE over McAfee? Does Microsoft create a restore point prior to the installs of any software? Thank you very much for your help. I so much appreciate it. Blessings! Pat
  4. I don't want to delete Youtubedownloader.exe. I use that every week. I got that software from CNET so I know originally it was a good source. Do you see an issue with keeping it?
  5. Here is the log. The ESET scan program did not uninstall. I checked the box, but there was no Finish on the next screen.
  6. Hi. I can't get to this until this weekend. Thanks for the patience.
  7. I restored Firefox. I have not spent much time on the computer, but the limited time I did, I have not experienced any redirect.
  8. I really don't know for sure. I had both IE and Moz open. And now the history is deleted so I can't check.
  9. Prior to running these utilities tonight, I had 2 instances of redirection when I typed in the url. I was redirected to one of the same fake pages showing a Monster brand career site. I have not encountered a redirection when searching in the past few days. The redirection is sporadic.
  10. HijackThis Report
  11. Here's the MB log. I will get the other report you requested shortly. Thanks again.
  12. Hello. I had a family emergency and cannot get to this until Thursday if that's ok. I have had 1 redirect in the past few days. Thanks for checking.
  13. Sansa Media Converter ABBYY FineReader 6.0 Sprint Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Software Update Audacity 2.0.2 Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cisco WebEx Meetings CloudCare Coupon Printer for Windows CyberLink YouCam D3DX10 Energy Management Facebook Video Calling 1.0.0.8953 Freemake Video Downloader GoToAssist Corporate GoToMeeting 4.8.0.723 Intel® Management Engine Components Intel® Rapid Storage Technology Java Auto Updater Java 7 Update 4 JavaFX 2.1.0 JMicron Flash Media Controller Driver Junk Mail filter update LAME v3.99.3 (for Windows) Lenovo DirectShare Lenovo EasyCamera Lenovo Games Console Lenovo MuteSync Lenovo OneKey Recovery Lenovo SlideNav Lenovo Smile Dock Lenovo SplitScreen Lexmark Printable Web Lexmark Toolbar LG Verizon United Drivers Malwarebytes Anti-Malware version 1.70.0.1100 McAfee Security Scan Plus McAfee SiteAdvisor Mesh Runtime Microsoft Forefront UAG endpoint components v4.0.0 Microsoft Office 2010 Microsoft Office Click-to-Run 2010 Microsoft Office Starter 2010 - English Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Mozilla Firefox 18.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Oasis2Service 1.0 Octoshape Streaming Services Onekey Theater ooVoo Power2Go QuickTime 
Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver Sansa Updater Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Ventrilo Client VeriFace WebEx Recorder and Player West Point Bridge Designer 2011 (2nd Edition) (remove only) West Point Bridge Designer 2012 (2nd Edition) (remove only) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack 
Windows Live Writer Windows Live Writer Resources YTD Video Downloader 3.9.6
  14. Restored successfully. The internet connection is working now.
  15. Oh no! I can't access the internet any longer. When the system first restarted I got some message that a Windows service could not be found. The connection diagnosis message is 'Windows could not automatically detect this network's proxy settings'. I'll have to find a computer to post the latest log.
  16. So far so good. But the search redirect is sporadic so I will continue to try it for the next few hours and let you know. Thank you very much. I have made a donation in appreciation for your help. Blessings!
  17. This log doesn't look right. The date of the log and the properties show that this is the one that ran 4 hours ago. Should I have deleted the log before I ran this OTL.exe the second time?
HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{7B98B06F-9D73-4C65-B6A0-8FE87E1E48CA}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{F2123D61-1901-4715-AD98-522EC8BD34A5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: adwfohyofc%40adwfohyofc.org:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled 
File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 10:12:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files (x86)\ToolKitService\ffext FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M] [2011/08/30 11:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions [2013/01/05 17:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions [1614/05/16 03:32:42 | 000,004,815 | ---- | M] () (No name found) -- 
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions\adwfohyofc@adwfohyofc.org.xpi [2013/01/11 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/11 00:32:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/09/07 21:46:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/17 14:30:38 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml [2012/10/19 03:49:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://search.yahoo.com?type=937811&fr=spigot-yhp-ch CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = 
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Default Plug-in 
(Enabled) = default_plugin CHR - homepage: http://www.google.com,homepage_is_newtabpage:false,distribution:{skip_first_run_ui:false,import_search_engine:false,import_history:false,import_home_page:false,import_bookmarks:false,show_welcome_page:true,create_all_shortcuts:true,do_not_launch_chrome:true,make_chrome_default_for_user:true,ping_delay:-60} CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 
(Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\ CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ O1 HOSTS File: ([2013/01/11 10:53:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe () O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [synBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.) O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo) O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo) O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [uCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics) O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [Octoshape Streaming Services] C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - 
HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) 
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) 
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Bsecure\InetCtrl57.dll (Bsecure Technologies, Inc.) O13 - gopher Prefix: missing O16 - DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://dwa.deluxe.com/InternalSite/WhlCompMgr.cab (Forefront UAG endpoint components) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab (GpcContainer Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F}: DhcpNameServer = 61.13.0.10 61.13.0.99 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/11 16:10:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe [2013/01/11 10:53:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/11 10:48:28 | 000,000,000 | ---D | C] -- C:\windows\temp [2013/01/11 10:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe [2013/01/11 10:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe [2013/01/11 10:36:55 | 
  18. Hi. Is everything in the gray box above supposed to be copied? It appears that some of this is an execution log. Or is it just the following:

      :Files
      ipconfig /flushdns /c
      :Commands
      [PURITY]
      [emptyjava]
      [EMPTYFLASH]
      [reboot]

      Also, I'm assuming that I should run it with the same settings as previously. Thanks.
  19. Hello. Here is the log from the OTL.exe. Thank you.
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (lxed_device) -- C:\Windows\SysWOW64\lxedcoms.exe ( ) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (ToolkitDisk) -- C:\Windows\SysNative\drivers\toolkitdisk.sys (Toolkit Development, Ltd.) 
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation) DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (USBModem) -- C:\Windows\SysNative\drivers\lgx64modem.sys (LG Electronics Inc.) DRV:64bit: - (UsbDiag) -- C:\Windows\SysNative\drivers\lgx64diag.sys (LG Electronics Inc.) DRV:64bit: - (usbbus) -- C:\Windows\SysNative\drivers\lgx64bus.sys (LG Electronics Inc.) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (vm332avs) -- C:\Windows\SysNative\drivers\vm332avs.sys (Vimicro Corporation) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (BsecureFilter) -- C:\Windows\SysNative\drivers\BsecFltr.sys (BSafe Online) DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (BSecACFltr) -- C:\Windows\SysNative\drivers\BSecACFltr.sys () DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.) DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.) DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.) DRV:64bit: - (LHDmgr) -- C:\Windows\SysNative\drivers\LhdX64.sys (Lenovo.) DRV:64bit: - (ACPIVPC) -- C:\Windows\SysNative\drivers\AcpiVpc.sys (Lenovo Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) 
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.) 
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (BsecureFilter) -- C:\Windows\SysWOW64\drivers\BsecFltr.sys (BSafe Online) DRV - (BSecACFltr) -- C:\Windows\SysWOW64\drivers\BSecACFltr.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/ IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes,DefaultScope = {F2123D61-1901-4715-AD98-522EC8BD34A5} IE - 
HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{7B98B06F-9D73-4C65-B6A0-8FE87E1E48CA}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\SearchScopes\{F2123D61-1901-4715-AD98-522EC8BD34A5}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local IE - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:9666 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledAddons: adwfohyofc%40adwfohyofc.org:2.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled 
File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/08/24 10:12:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\toolkit@toolkitdevelopment.com: C:\Program Files (x86)\ToolKitService\ffext FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/11 00:32:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 00:32:30 | 000,000,000 | ---D | M] [2011/08/30 11:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Extensions [2013/01/05 17:41:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions [1614/05/16 03:32:42 | 000,004,815 | ---- | M] () (No name found) -- 
C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\extensions\adwfohyofc@adwfohyofc.org.xpi [2013/01/11 00:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013/01/11 00:32:32 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll [2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll [2012/09/07 21:46:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/03/17 14:30:38 | 000,044,251 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\toolkitsearch.xml [2012/10/19 03:49:48 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== CHR - homepage: http://search.yahoo.com?type=937811&fr=spigot-yhp-ch CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = 
C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Default Plug-in 
(Enabled) = default_plugin CHR - homepage: http://www.google.com,homepage_is_newtabpage:false,distribution:{skip_first_run_ui:false,import_search_engine:false,import_history:false,import_home_page:false,import_bookmarks:false,show_welcome_page:true,create_all_shortcuts:true,do_not_launch_chrome:true,make_chrome_default_for_user:true,ping_delay:-60} CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft Office 2010 
(Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Disabled) = c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Bina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglbaehakkaojfihjkgkpknbjldhhmmn\1.1_0\ CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\ O1 HOSTS File: ([2013/01/11 10:53:29 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O2 - BHO: (ToolKit IE Helper) - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files (x86)\ToolKitService\splash.dll File not found O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll () O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O3 - HKLM\..\Toolbar: (eToolKit Toolbar) - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files (x86)\ToolKitService\toolbar.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe () O4:64bit: - HKLM..\Run: [intelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [lxedmon.exe] C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe () O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [synBtnAsst] C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe (Synaptics Incorporated) O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe (Bsecure Technologies, Inc.) O4 - HKLM..\Run: [Lenovo SlideNav2] C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe (Lenovo) O4 - HKLM..\Run: [Lenovo SplitScreen] C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe (Lenovo) O4 - HKLM..\Run: [MuteSync] C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe (Lenovo) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [uCam_Menu] c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [updateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirror Tray icon] c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe (LG Electronics) O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [HP Photosmart 7520 series (NET)] C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) O4 - HKU\S-1-5-21-882656967-3440141182-356548101-1001..\Run: [Octoshape Streaming Services] C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-882656967-3440141182-356548101-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - 
  20. Hello. I ran ComboFix and it finished successfully. However, there is no log on the Desktop. Notepad did open up with a log, but I had to do a restart and I was not able to find the log after restart. I searched on the C drive for .txt for today's date and no log. I am still being redirected to other pages sporadically from search results in IE and Firefox. Please let me know if you want me to rerun ComboFix to get the log or what the next step should be. Thank you very much.
  21. Hello. I am working on turning off the security. Do I need to turn off Bsecure, which is parental control software? The software directs to the Bsecure server and validates the websites against their database of blocked sites. I do not have the security module. But I think I'm only able to uninstall it, as I don't see a way to disable it. Thanks again.
  22. Here is the RKreport.txt. Thanks.
      RogueKiller V8.4.3 [Jan 8 2013] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
      Website : http://tigzy.geekstogo.com/roguekiller.php
      Blog : http://tigzyrk.blogspot.com/
      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Home [Admin rights]
      Mode : Remove -- Date : 01/08/2013 22:38:55
      ¤¤¤ Bad processes : 2 ¤¤¤
      [sUSP PATH] FreemakeUtilsService.exe -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -> KILLED [TermProc]
      [sUSP PATH] SansaDispatch.exe -- C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]
      ¤¤¤ Registry Entries : 8 ¤¤¤
      [RUN][sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> DELETED
      [TASK][ROGUE ST] 0 : c:\program files (x86)\internet explorer\iexplore.exe -> DELETED
      [TASK][ROGUE ST] 4574 : wscript.exe C:\Users\Home\AppData\Local\Temp\launchie.vbs //B -> DELETED
      [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:9666) -> NOT REMOVED, USE PROXYFIX
      [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
      [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
      [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\n.) -> REPLACED (C:\windows\system32\shell32.dll)
      [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\n.) -> REPLACED (C:\windows\system32\wbem\fastprox.dll)
      ¤¤¤ Particular Files / Folders: ¤¤¤
      [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\@ --> REMOVED
      [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\@ --> REMOVED
      [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\U --> REMOVED
      [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\U --> REMOVED
      [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$8fcb669a3906bc07532e592b08b47417\L --> REMOVED
      [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-882656967-3440141182-356548101-1001\$8fcb669a3906bc07532e592b08b47417\L --> REMOVED
      ¤¤¤ Driver : [NOT LOADED] ¤¤¤
      ¤¤¤ Infection : ZeroAccess ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> C:\windows\system32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT1 +++++
      --- User ---
      [MBR] 287b2b09d321953dfd398492aa1f0023
      [bSP] ae6f066611dbbe12f7d9a41a78f5bd42 : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 200 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 411648 | Size: 668670 Mo
      2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1369847808 | Size: 31425 Mo
      3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1434206208 | Size: 15108 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!
      Finished : << RKreport[2]_D_01082013_02d2238.txt >>
      RKreport[1]_S_01082013_02d2238.txt ; RKreport[2]_D_01082013_02d2238.txt
  23. Hello. Here is the AdwCleaner.txt
      # AdwCleaner v2.105 - Logfile created 01/08/2013 at 22:29:57
      # Updated 08/01/2013 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : Home - HOME-PC
      # Boot Mode : Normal
      # Running from : C:\Users\Home\Desktop\adwcleaner.exe
      # Option [Delete]
      ***** [services] *****
      ***** [Files / Folders] *****
      File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
      File Deleted : C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
      Folder Deleted : C:\ProgramData\Tarma Installer
      Folder Deleted : C:\Users\Admin\AppData\Local\Temp\avg@toolbar
      Folder Deleted : C:\Users\Home\AppData\Local\APN
      Folder Deleted : C:\Users\Home\AppData\Local\TempDir
      Folder Deleted : C:\Users\Home\AppData\LocalLow\AskToolbar
      ***** [Registry] *****
      Key Deleted : HKCU\Software\APN PIP
      Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
      Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
      Key Deleted : HKCU\Software\AVG Secure Search
      Key Deleted : HKCU\Software\IGearSettings
      Key Deleted : HKCU\Software\IM
      Key Deleted : HKCU\Software\ImInstaller
      Key Deleted : HKCU\Software\InstallCore
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
      Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj
      Key Deleted : HKLM\SOFTWARE\Classes\ToolBand.ToolBandObj.1
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
      Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
      Key Deleted : HKLM\Software\PIP
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Deleted : HKLM\SOFTWARE\Tarma Installer
      ***** [internet Browsers] *****
      -\\ Internet Explorer v8.0.7601.17514
      [OK] Registry is clean.
      -\\ Mozilla Firefox v17.0.1 (en-US)
      File : C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\prefs.js
      C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\user.js ... Deleted !
      [OK] File is clean.
      File : C:\Users\Bina\AppData\Roaming\Mozilla\Firefox\Profiles\d1malkfy.default\prefs.js
      [OK] File is clean.
      File : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qg46kkuz.default\prefs.js
      Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
      Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7Bce285f5d-25db-4a46-af5f-a2c88508e987%[...]
      File : C:\Users\jodan\AppData\Roaming\Mozilla\Firefox\Profiles\8e24xnbv.default\prefs.js
      [OK] File is clean.
      -\\ Google Chrome v [unable to get version]
      File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences
      Deleted [l.1] : icon_url ={"apps_promo_counter":11,"browser":{"clear_lso_data_enabled":true,"window_placement":{"bottom":709,"[...]
      File : C:\Users\Bina\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      File : C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
      [OK] File is clean.
      *************************
      AdwCleaner[s1].txt - [4277 octets] - [08/01/2013 22:29:57]
      ########## EOF - C:\AdwCleaner[s1].txt - [4337 octets] ##########
  24. Here is the DDS.txt file
      DDS (Ver_2012-11-20.01) - NTFS_AMD64
      Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.4.1
      Run by Home at 19:22:19 on 2013-01-08
      Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8173.5878 [GMT -6:00]
      .
      AV: CloudCare *Disabled/Updated* {BABEE769-087B-572E-AD62-21FF46C86F61}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      SP: CloudCare AntiSpyware *Disabled/Updated* {01DF068D-2E41-58A0-97D2-1A8D3D4F25DC}
      .
      ============== Running Processes ===============
      .
      C:\windows\system32\lsm.exe
      C:\windows\system32\svchost.exe -k DcomLaunch
      C:\windows\system32\svchost.exe -k RPCSS
      C:\windows\system32\atiesrxx.exe
      C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
      C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
      C:\windows\system32\svchost.exe -k netsvcs
      C:\windows\system32\svchost.exe -k LocalService
      C:\windows\system32\svchost.exe -k NetworkService
      C:\windows\system32\atieclxx.exe
      C:\windows\System32\spoolsv.exe
      C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
      C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files (x86)\Bsecure\InetCtrl.exe
      C:\Program Files (x86)\Bsecure\BsecAV.exe
      C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
      C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
      C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
      C:\windows\system32\lxedcoms.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
      c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
      C:\Program Files\Macrium\Reflect\ReflectService.exe
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
      C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe
      C:\windows\system32\rundll32.exe
      C:\windows\system32\rundll32.exe
      C:\windows\SysWOW64\rundll32.exe
      C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
      C:\windows\system32\svchost.exe -k imgsvc
      C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
      C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
      C:\windows\system32\svchost.exe -k bthsvcs
      C:\windows\system32\taskhost.exe
      C:\Program Files (x86)\Bsecure\BSecAMX.exe
      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\windows\system32\Dwm.exe
      C:\windows\Explorer.EXE
      C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
      C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Synaptics\SynTP\SynBtnAsst.exe
      C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
      C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
      C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
      C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe
      C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
      C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
      C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
      C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
      C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
      C:\windows\SysWOW64\rundll32.exe
      C:\windows\SysWOW64\rundll32.exe
      C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
      C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
      C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
      C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe
      C:\Program Files (x86)\Bsecure\BsecTray.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\iTunes\iTunesHelper.exe
      C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
      C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\windows\system32\SearchIndexer.exe
      C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Media Player\wmpnetwk.exe
      C:\Program Files\HP\HP Photosmart 7520 series\Bin\HPNetworkCommunicator.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
      C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\Program Files (x86)\Internet Explorer\iexplore.exe
      C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe
      C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
      C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
      C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
      C:\windows\splwow64.exe
      C:\windows\system32\wbem\wmiprvse.exe
      C:\windows\System32\cscript.exe
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.foxnews.com/
      uSearch Bar = Preserve
      mStart Page = hxxp://lenovo.msn.com
      uProxyServer = 127.0.0.1:9666
      uProxyOverride = 127.0.0.1;*.local
      uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
      mWinlogon: Userinit = userinit.exe,
      BHO: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      BHO: ToolKit IE Helper: {70EA269E-56DF-49C2-86B2-1A1924ED88B4} -
      BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
      BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
      BHO: Lexmark Printable Web: {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
      BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
      TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
      TB: Lexmark Toolbar: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
      TB: eToolKit Toolbar: {D3B22A92-87A2-47b6-B3E6-A64877B5C242} -
      uRun: [Octoshape Streaming Services] "C:\Users\Home\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
      uRun: [sansaDispatch] C:\Users\Home\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
      uRun: [bYR_AGENT] C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWNotiAgent.exe
      uRun: [HP Photosmart 7520 series (NET)] "C:\Program Files\HP\HP Photosmart 7520 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28G2B0MC05XX:NW" -scfn "HP Photosmart 7520 series (NET)" -AutoStart 1
      uRun: [Citrix] rundll32 "C:\Users\Home\AppData\Local\CyberLink\Citrix\duagnc.dll",DllRegisterServerW
      uRun: [bdprmf] rundll32.exe "C:\Users\Home\AppData\Roaming\bdprmf.dll",TruncateLog
      mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
      mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe
      mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
      mRun: [Lenovo SplitScreen] "C:\Program Files\Lenovo\Lenovo SplitScreen\SplitScreen\AutoRunSpS.exe"
      mRun: [uCam_Menu] "c:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Lenovo\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
      mRun: [YouCam Mirror Tray icon] "c:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
      mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
      mRun: [Lenovo SlideNav2] "C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlideNavVDM.exe"
      mRun: [CloudCare] C:\Program Files (x86)\Bsecure\BsecTray.exe
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
      StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
      uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
      mPolicies-Explorer: NoActiveDesktop = dword:1
      mPolicies-Explorer: NoActiveDesktopChanges = dword:1
      mPolicies-System: ConsentPromptBehaviorUser = dword:3
      mPolicies-System: EnableUIADesktopToggle = dword:0
      IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
      LSP: %ProgramFiles%\Bsecure\InetCtrl57.dll
      DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} - hxxps://dwa.deluxe.com/InternalSite/WhlCompMgr.cab
      DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://sungard.webex.com/client/T27L10NSP21/webex/ieatgpc1.cab
      TCP: NameServer = 192.168.1.1
      TCP: Interfaces\{8E60007A-6DCB-4BCC-9A49-F51F1D7B4346} : DHCPNameServer = 192.168.1.1
      TCP: Interfaces\{A848AE2D-03F9-46A3-8631-32F99EBE116F} : DHCPNameServer = 61.13.0.10 61.13.0.99
      Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
      Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
      Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      SSODL: WebCheck - <orphaned>
      x64-mStart Page = hxxp://lenovo.msn.com
      x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
      x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
      x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
      x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
      x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
      x64-Run: [synBtnAsst] C:\Program Files (x86)\Synaptics\SynTP\SynBtnAsst.exe Utility_Window
      x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
      x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
      x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
      x64-Run: [lxedmon.exe] "C:\Program Files (x86)\Lexmark S600 Series\lxedmon.exe"
      x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark S600 Series\ezprint.exe"
      x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
      x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
      x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
      x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
      x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll
      x64-SSODL: WebCheck - <orphaned>
      .
      ================= FIREFOX ===================
      .
      FF - ProfilePath - C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\967xjxj6.default\
      FF - prefs.js: browser.search.selectedEngine - Yahoo
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
      FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
      FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
      FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
      FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101752.dll
      FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
      FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
      FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
      FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
      FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
      FF - plugin: C:\Users\Home\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
      FF - plugin: C:\Users\Home\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
      FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll
      FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
      FF - plugin: C:\windows\SysWOW64\npmproxy.dll
      .
      ---- FIREFOX POLICIES ----
      FF - user.js: extensions.autoDisableScopes - 14
      FF - user.js: security.csp.enable - false
      .
      .
      ============= SERVICES / DRIVERS ===============
      .
      R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-5-4 39008]
      R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
      R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
      R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
      R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2010-12-1 203264]
      R2 Bsecure;CloudCare;C:\Program Files (x86)\Bsecure\InetCtrl.exe [2011-6-19 66344]
      R2 BsecureAV;CloudCare AntiVirus;C:\Program Files (x86)\Bsecure\BsecAV.exe [2011-6-19 161776]
      R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
      R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-2-15 76288]
      R2 lxed_device;lxed_device;C:\windows\System32\lxedcoms.exe -service --> C:\windows\System32\lxedcoms.exe -service [?]
      R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-1 398184]
      R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-24 682344]
      R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2012-8-22 103472]
      R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-12-22 46080]
      R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2012-10-31 301760]
      R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
      R2 Slidebar Notifier Service;Slidebar Notifier Service;C:\Program Files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNotifier.exe [2011-5-4 69568]
      R2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [2011-6-20 150928]
      R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2011-5-4 28176]
      R3 BSecACFltr;BSecACFltr;C:\windows\System32\drivers\BSecACFltr.sys [2011-9-17 22832]
      R3 btusbflt;Bluetooth USB Filter;C:\windows\System32\drivers\btusbflt.sys [2010-9-2 54824]
      R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-5-4 35104]
      R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2010-6-7 406056]
      R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2011-6-24 24176]
      R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
      R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
      R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
      R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
      R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
      S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
      S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
      S2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]
      S3 DMService;Microsoft Forefront UAG Endpoint Component Manager;C:\Windows\DOWNLO~1\DMService.exe [2011-6-20 468368]
      S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2011-6-20 48488]
      S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
      S3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2010-9-2 160880]
      S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-6-17 237008]
      S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
      S3 ToolkitDisk;ToolkitDisk;C:\windows\System32\drivers\toolkitdisk.sys [2012-3-17 62552]
      S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]
      S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
      S3 vm332avs;Lenovo Camera2;C:\windows\System32\drivers\vm332avs.sys [2010-9-2 229456]
      S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-6-19 1255736]
      S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
      S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
      .
      =============== File Associations ===============
      .
      FileExt: .js: JSFile=C:\windows\System32\WScript.exe "%1" %* [userChoice]
      .
      =============== Created Last 30 ================
      .
      2013-01-08 01:55:43 -------- d-----w- C:\Users\Home\AppData\Local\Programs
      2013-01-08 00:16:04 -------- d-sh--w- C:\windows\System32\%APPDATA%
      2013-01-08 00:06:09 -------- d-----w- C:\ProgramData\B6E0B96FF67B1DB90000B6E0029421E7
      2013-01-08 00:04:55 174592 ----a-w- C:\Users\Home\AppData\Roaming\bdprmf.dll
      2013-01-04 17:47:06 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5040281E-7AA9-48A1-A379-7ED8CCB2DFA7}\mpengine.dll
      2013-01-03 13:13:48 741480 ------w- C:\windows\System32\HPDiscoPMBC11.dll
      2013-01-03 13:13:38 -------- d-----w- C:\Program Files\HP
      2013-01-03 13:13:38 -------- d-----w- C:\Program Files (x86)\HP
      2013-01-03 13:13:22 -------- d-----w- C:\Users\Home\AppData\Local\HP
      2013-01-03 05:41:51 -------- d-----w- C:\Program Files (x86)\Lame For Audacity
      2013-01-02 09:56:13 -------- d-----w- C:\Users\Home\AppData\Local\{A1885271-CC74-4118-817C-8187D4573DDA}
      2013-01-02 03:56:41 -------- d-----w- C:\LGMobileUpgrade
      2013-01-02 03:55:50 -------- d-----w- C:\Program Files (x86)\LG Electronics
      2013-01-02 03:49:57 98304 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGUTchkdl.dll
      2013-01-02 03:49:57 5275648 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LG_VZW_United_WHQL_v2.7.1.msi
      2013-01-02 03:49:57 24576 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\LGEUSBAutorun.dll
      2013-01-02 03:49:52 1347584 ----a-w- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\TLPC\TL_PC.exe
      2013-01-02 03:49:44 90112 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\E\LGUTchkdl.dll
      2013-01-02 03:49:44 24576 ----a-r- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates\E\LGEUSBAutorun.dll
      2012-12-29 18:51:01 -------- d-----w- C:\Program Files (x86)\Audacity
      2012-12-25 20:56:46 33240 ----a-w- C:\windows\System32\drivers\GEARAspiWDM.sys
      2012-12-25 20:56:25 -------- d-----w- C:\Program Files\iPod
      2012-12-25 20:56:24 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
      2012-12-25 20:56:24 -------- d-----w- C:\Program Files\iTunes
      2012-12-25 20:56:24 -------- d-----w- C:\Program Files (x86)\iTunes
      2012-12-23 04:10:34 -------- d-----w- C:\Program Files (x86)\Amazon
      2012-12-22 09:00:31 46080 ----a-w- C:\windows\System32\atmlib.dll
      2012-12-22 09:00:31 367616 ----a-w- C:\windows\System32\atmfd.dll
      2012-12-22 09:00:31 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
      2012-12-22 09:00:30 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
      2012-12-17 04:13:13 16363960 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
      2012-12-17 03:21:42 478208 ----a-w- C:\windows\System32\dpnet.dll
      2012-12-17 03:21:42 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
      2012-12-10 19:52:00 -------- d-----w- C:\Users\Home\AppData\Local\CyberLink
      .
      ==================== Find3M ====================
      .
      2012-12-17 04:13:18 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-12-17 04:13:18 697272 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
      2012-12-14 22:49:28 24176 ----a-w- C:\windows\System32\drivers\mbam.sys
      2012-11-22 03:26:40 3149824 ----a-w- C:\windows\System32\win32k.sys
      2012-11-12 12:28:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb
      2012-11-12 11:52:18 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
      2012-11-09 05:45:09 2048 ----a-w- C:\windows\System32\tzres.dll
      2012-11-09 04:42:49 2048 ----a-w- C:\windows\SysWow64\tzres.dll
      2012-10-31 20:38:44 13504 ----a-w- C:\windows\System32\drivers\PSVolAcc.sys
      2012-10-31 20:38:18 57024 ----a-w- C:\windows\System32\drivers\psmounterex.sys
      2012-10-27 06:26:55 981504 ----a-w- C:\windows\SysWow64\wininet.dll
      2012-10-27 05:51:21 1188864 ----a-w- C:\windows\System32\wininet.dll
      2012-10-16 08:38:37 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll
      2012-10-16 08:38:34 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll
      2012-10-16 07:39:52 561664 ----a-w- C:\windows\apppatch\AcLayers.dll
      .
      ============= FINISH: 19:22:51.67 ===============